What I have is a Win2k (SP4) machine, 1.0GHz P4/256MB ram -- I know, almost not worth saving as is, but I have to try.
I've done what amounts to the first two steps of the six-step process outlined in the board FAQ on my own, before signing on to this forum, so please don't take me to task for deviations from your stated procedure. Now that I've read it, I feel your stated procedure needs a little clarification. Especially since you seem to be hard-nosed about people doing it wrong -- not undeservedly, you have a lot of demands on your time and you *are* providing this service free (thanx in advance, by the way).
(1) when is one supposed to start a discussion thread, with respect to performing the listed six steps? What information needs to be in that initial post?
(2) Is one supposed to post logs at each individual step, or are all logs supposed to be posted all at once in step 5, or should one do BOTH?
(3) Is one making posts for each step, or, again, does one complete steps 1 through 5 before posting?
Here is what I have so far:
The machine is noticeably slow -- even given its OS and hardware. Spam pops up in new tabs of Firefox at random intervals. Search redirects occur, particularly while searching on topics related to virus removal.
Step One: existing Avast Home install has become broken. It does not load, and attempting reinstallation fails with error message:
Procedure entry point GetProcessId could not be located in dynamic link library KERNEL32.DLL
Step One-B attempting to install AVG Free after removing broken Avast install results in same error. Am unable to get AV working on this machine!
Step 2: MBAM results:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7709
Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106
9/19/2011 12:02:52 PM
mbam-log-2011-09-19 (12-02-52).txt
Scan type: Full scan (C:\|)
Objects scanned: 211504
Time elapsed: 48 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Cleaner (Rogue.SpywareCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpywareCleanerService (Rogue.SpywareCleaner) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINNT\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
Odd system behaviors persist after fixes applied. Noting that the HOSTS file was affected, I replaced it with the clean version from mvps.org. They seemed on the level to me, please advise if they aren't!
Second pass with MBAM comes back clean. Supplementary scan with TrendMicro Housecall also comes back clean.
It was at this point that I signed on to this board and read your steps. Step 3 is pending.
Given the limited hardware, and the fact that Win2k is completely unsupported, if OS reinstall is the only viable option, will probably be some form of Linux. If I can talk the friend I'm helping into it...
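As an added example (not part of the original post or of any tool mentioned in it): a defender-side check for the kind of HOSTS file tampering that the MBAM log flagged at c:\WINNT\hosts and that typically produces the search redirects described above. The sample hosts file is constructed, and the list of sensitive domains is an assumption, not something from the post.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not the file from the post).
# Mixes a harmless MVPS-style ad block with two kinds of hijack.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ad.doubleclick.net        # MVPS-style block: harmless
203.0.113.7     www.malwarebytes.org      # vendor site sent to a real host
203.0.113.7     housecall.trendmicro.com
127.0.0.1       www.google.com            # search engine nulled out
"""

# Assumed list of domains that malware commonly blocks or redirects to
# frustrate cleanup; extend it for the vendors you rely on.
SENSITIVE_DOMAINS = ("malwarebytes.org", "trendmicro.com", "avast.com",
                     "avg.com", "google.com", "windowsupdate.com")

def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()

def is_sink(ip):
    """True if the target is loopback/unspecified, i.e. a plain block entry."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable target: treat as not a harmless sink
    return addr.is_loopback or addr.is_unspecified

def is_sensitive(name):
    return any(name == d or name.endswith("." + d) for d in SENSITIVE_DOMAINS)

def suspicious_entries(text):
    """Flag entries that point any name at a real IP (redirect) or that
    touch a sensitive domain at all (blocked updates/cleanup sites)."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        if not is_sink(ip) or is_sensitive(name):
            findings.append((ip, name))
    return findings

if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"suspicious: {name} -> {ip}")
```

A clean MVPS-style file only maps ad and tracker names to 0.0.0.0 or 127.0.0.1, so it produces no findings; anything that resolves a security vendor or search engine elsewhere is worth a second look before trusting scan results.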